Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method for applying a set of policy rules to network traffic, the method comprising: evaluating, by using a processor, conditions specified in the set of policy rules, wherein each condition is a logical expression defined over a set of variables, and is evaluated by substituting values of the set of variables associated with the network traffic into the logical expression; selecting a subset of policy rules whose conditions evaluated as true; selecting a highest precedence policy rule from the subset of policy rules by applying a set of precedence rules to the subset of policy rules, wherein the set of precedence rules imposes a precedence order on the set of policy rules based on condition categories and condition specificities; and performing an action specified in the highest precedence policy rule.
This method applies policy rules to network traffic. First, it evaluates conditions defined in these rules using a processor. Each condition is a logical expression that uses variables (like user, application, network segment, or timeframe) associated with the network traffic. Next, it identifies a subset of rules whose conditions evaluate to true. From this subset, it selects the single policy rule with the highest precedence. This precedence is determined by a set of rules based on condition categories (e.g., application, user) and how specific the conditions are. Finally, the system performs the action specified by this highest precedence policy rule.
2. The method of claim 1, wherein the set of variables includes one or more of: a user variable that corresponds to a user, an application variable that corresponds to an application, a network segment variable that corresponds to a network segment, or a timeframe variable that corresponds to a timeframe.
This method applies policy rules to network traffic by evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and then performing its specified action. For evaluating the conditions, the set of variables used includes one or more of: a user identity, an application type, a specific network segment, or a defined timeframe.
3. The method of claim 1, wherein the action includes one or more of: path selection, encryption, Quality of Service (QoS), and drop.
This method applies policy rules to network traffic by evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and then performing its specified action. The action performed by the highest precedence policy rule can include operations such as network path selection, data encryption, Quality of Service (QoS) modification, or dropping the network traffic.
4. The method of claim 1, wherein each condition belongs to a condition category that is one of: an application category, a user category, a segment category, or a timeframe category.
This method applies policy rules to network traffic by evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and then performing its specified action. In this method, each condition belongs to a specific category, such as an application category, a user category, a network segment category, or a timeframe category, which are used to determine the precedence order of the policy rules.
5. The method of claim 4, wherein the precedence order in decreasing precedence is as follows: conditions in the application category, conditions in the user category, conditions in the segment category, and conditions in the timeframe category.
This method applies policy rules to network traffic by evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and then performing its specified action. Each condition belongs to a category like application, user, network segment, or timeframe. The precedence rules establish a decreasing order of importance for these categories: application conditions have the highest precedence, followed by user conditions, then network segment conditions, and finally timeframe conditions.
6. The method of claim 5, wherein within a given category, conditions with more specificity have higher precedence than conditions with lower specificity.
This method applies policy rules to network traffic by evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and then performing its specified action. Each condition belongs to a category (application, user, network segment, or timeframe), and precedence is ordered by category (application highest, then user, segment, timeframe). Additionally, within any single category, conditions that are more specific are assigned a higher precedence than conditions that are less specific.
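The selection procedure of claims 1 to 6, sketched as an added example (not code from the patent or its assignee). Assumptions: each condition is modeled as set membership on one variable, specificity is taken as 1/len(accepted set), rules are compared lexicographically across categories, and an equal-precedence conflict is rejected; all names and sample values are constructed.

```python
from dataclasses import dataclass

# Claim 5: category precedence, highest first.
CATEGORY_ORDER = ("application", "user", "segment", "timeframe")

@dataclass
class Rule:
    name: str
    action: str        # claim 3: path selection, encryption, QoS, drop
    conditions: dict   # category -> set of accepted values (assumed model)

    def matches(self, flow):
        # Claim 1: substitute the flow's variable values into each condition.
        return all(flow.get(c) in vals for c, vals in self.conditions.items())

    def precedence(self):
        # Assumption: a smaller accepted set is more specific (claim 6);
        # a category the rule does not constrain contributes 0.
        return tuple(
            1.0 / len(self.conditions[c]) if c in self.conditions else 0.0
            for c in CATEGORY_ORDER
        )

def select_rule(rules, flow):
    """Return the highest-precedence matching rule, or None if none match."""
    matched = [r for r in rules if r.matches(flow)]
    if not matched:
        return None  # the claims do not define a default; the caller must
    best = max(r.precedence() for r in matched)
    winners = [r for r in matched if r.precedence() == best]
    if len({r.action for r in winners}) > 1:
        # Equal precedence but different actions: refuse to guess.
        raise ValueError("ambiguous rules: " + ", ".join(r.name for r in winners))
    return winners[0]

# Constructed sample policy.
RULES = [
    Rule("voip-qos", "qos", {"application": {"voip"}}),
    Rule("alice-drop", "drop", {"user": {"alice"}}),
    Rule("media-alice", "encrypt",
         {"application": {"voip", "video", "web"}, "user": {"alice"}}),
    Rule("office-path", "path", {"timeframe": {"business-hours"}}),
]

if __name__ == "__main__":
    flow = {"application": "web", "user": "alice", "timeframe": "night"}
    print(select_rule(RULES, flow).name)
```

Under this ordering the `drop` rule for user `alice` loses to any matching rule that carries an application condition, so a policy audit should check which broader-category rules shadow a user-level deny.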
7. A non-transitory storage medium storing instructions that, when executed by a processor, cause the processor to perform a method for applying a set of policy rules to network traffic, the method comprising: evaluating conditions specified in the set of policy rules, wherein each condition is a logical expression defined over a set of variables, and is evaluated by substituting values of the set of variables associated with the network traffic into the logical expression; selecting a subset of policy rules whose conditions evaluated as true; selecting a highest precedence policy rule from the subset of policy rules by applying a set of precedence rules to the subset of policy rules, wherein the set of precedence rules imposes a precedence order on the set of policy rules based on condition categories and condition specificities; and performing an action specified in the highest precedence policy rule.
A non-transitory storage medium stores instructions which, when executed by a processor, cause it to apply policy rules to network traffic. The process involves: evaluating conditions in the policy rules, where each condition is a logical expression using variables (like user, application, network segment, or timeframe) associated with the network traffic. It then selects a subset of rules whose conditions evaluate to true. From this subset, the processor identifies the highest precedence policy rule by applying precedence rules based on condition categories and specificities. Finally, the processor performs the action specified by this highest precedence rule.
8. The non-transitory storage medium of claim 7, wherein the set of variables includes one or more of: a user variable that corresponds to a user, an application variable that corresponds to an application, a network segment variable that corresponds to a network segment, or a timeframe variable that corresponds to a timeframe.
A non-transitory storage medium stores instructions which, when executed, cause a processor to apply policy rules to network traffic. This involves evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and then performing its specified action. For evaluating the conditions, the set of variables includes one or more of: a user identity, an application type, a specific network segment, or a defined timeframe.
9. The non-transitory storage medium of claim 7, wherein the action includes one or more of: path selection, encryption, Quality of Service (QoS), and drop.
A non-transitory storage medium stores instructions which, when executed, cause a processor to apply policy rules to network traffic. This involves evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and then performing its specified action. The action performed by the highest precedence policy rule can include operations such as network path selection, data encryption, Quality of Service (QoS) modification, or dropping the network traffic.
10. The non-transitory storage medium of claim 7, wherein each condition belongs to a condition category that is one of: an application category, a user category, a segment category, or a timeframe category.
A non-transitory storage medium stores instructions which, when executed, cause a processor to apply policy rules to network traffic. This involves evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and then performing its specified action. In this process, each condition belongs to a specific category, such as an application category, a user category, a network segment category, or a timeframe category, which are used to determine the precedence order of the policy rules.
11. The non-transitory storage medium of claim 10, wherein the precedence order in decreasing precedence is as follows: conditions in the application category, conditions in the user category, conditions in the segment category, and conditions in the timeframe category.
A non-transitory storage medium stores instructions which, when executed, cause a processor to apply policy rules to network traffic. This involves evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and performing its action. Each condition belongs to a category like application, user, network segment, or timeframe. The precedence rules establish a decreasing order of importance for these categories: application conditions have the highest precedence, followed by user conditions, then network segment conditions, and finally timeframe conditions.
12. The non-transitory storage medium of claim 11, wherein within a given category, conditions with more specificity have higher precedence than conditions with lower specificity.
A non-transitory storage medium stores instructions which, when executed, cause a processor to apply policy rules to network traffic. This involves evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and performing its action. Each condition belongs to a category (application, user, network segment, or timeframe), and precedence is ordered by category (application highest, then user, segment, timeframe). Additionally, within any single category, conditions that are more specific are assigned a higher precedence than conditions that are less specific.
13. An apparatus, comprising: a processor; and a non-transitory storage medium storing instructions that, when executed by the processor, cause the processor to perform a method for applying a set of policy rules to network traffic, the method comprising: evaluating conditions specified in the set of policy rules, wherein each condition is a logical expression defined over a set of variables, and is evaluated by substituting values of the set of variables associated with the network traffic into the logical expression; selecting a subset of policy rules whose conditions evaluated as true; selecting a highest precedence policy rule from the subset of policy rules by applying a set of precedence rules to the subset of policy rules, wherein the set of precedence rules imposes a precedence order on the set of policy rules based on condition categories and condition specificities; and performing an action specified in the highest precedence policy rule.
An apparatus, comprising a processor and a non-transitory storage medium, is configured to apply policy rules to network traffic. When the processor executes instructions from the storage medium, it performs a method involving: evaluating conditions defined in the policy rules, where each condition is a logical expression using variables (like user, application, network segment, or timeframe) associated with the network traffic. It then selects a subset of rules whose conditions evaluate to true. From this subset, it identifies the highest precedence policy rule by applying precedence rules based on condition categories and specificities. Finally, it performs the action specified by this highest precedence rule.
14. The apparatus of claim 13, wherein the set of variables includes one or more of: a user variable that corresponds to a user, an application variable that corresponds to an application, a network segment variable that corresponds to a network segment, or a timeframe variable that corresponds to a timeframe.
An apparatus, including a processor and storage medium, is configured to apply policy rules to network traffic. This involves evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and then performing its specified action. For evaluating the conditions, the set of variables includes one or more of: a user identity, an application type, a specific network segment, or a defined timeframe.
15. The apparatus of claim 13, wherein the action includes one or more of: path selection, encryption, Quality of Service (QoS), and drop.
An apparatus, including a processor and storage medium, is configured to apply policy rules to network traffic. This involves evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and then performing its specified action. The action performed by the highest precedence policy rule can include operations such as network path selection, data encryption, Quality of Service (QoS) modification, or dropping the network traffic.
16. The apparatus of claim 13, wherein each condition belongs to a condition category that is one of: an application category, a user category, a segment category, or a timeframe category.
An apparatus, including a processor and storage medium, is configured to apply policy rules to network traffic. This involves evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and then performing its specified action. In this process, each condition belongs to a specific category, such as an application category, a user category, a network segment category, or a timeframe category, which are used to determine the precedence order of the policy rules.
17. The apparatus of claim 16, wherein the precedence order in decreasing precedence is as follows: conditions in the application category, conditions in the user category, conditions in the segment category, and conditions in the timeframe category.
An apparatus, including a processor and storage medium, is configured to apply policy rules to network traffic. This involves evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and performing its action. Each condition belongs to a category like application, user, network segment, or timeframe. The precedence rules establish a decreasing order of importance for these categories: application conditions have the highest precedence, followed by user conditions, then network segment conditions, and finally timeframe conditions.
18. The apparatus of claim 17, wherein within a given category, conditions with more specificity have higher precedence than conditions with lower specificity.
An apparatus, including a processor and storage medium, is configured to apply policy rules to network traffic. This involves evaluating conditions (logical expressions using network traffic variables), selecting rules whose conditions are true, identifying the highest precedence rule based on condition categories and specificities, and performing its action. Each condition belongs to a category (application, user, network segment, or timeframe), and precedence is ordered by category (application highest, then user, segment, timeframe). Additionally, within any single category, conditions that are more specific are assigned a higher precedence than conditions that are less specific.
July 28, 2020